AWS Key Management Service's major use case is to encrypt data, specifically encrypting data at rest. We have two options: either we can go with AWS-managed keys or we can use customer-managed keys, depending on the compliance of the organization. I have a student who is in a bank, and they have a compliance requirement that they should have their own key, and it should not be visible to AWS. We can create a master key, which generates a data key—one encrypted and one unencrypted. The unencrypted key is stored in RAM temporarily, encrypting data in the EBS volume or wherever it lies, after which it's deleted. To decrypt, we use the KMS-encrypted data key, which goes back to AWS Key Management Service to decrypt itself and our data. The AWS Key Management Service key remains in the protective vault of AWS, and all we are doing is generating the data key to encrypt and decrypt our data. Thus, encryption and decryption at rest are the basic functionality provided by AWS Key Management Service. I see benefits from these integrations because that's the beauty of microservices. When using RDS, we just create the key first, and when creating RDS, if we want encryption in storage, we select AWS Key Management Service. When using S3, instead of AWS-managed keys, we can choose to go with our customer-managed key and select that AWS Key Management Service key from there. In fact, we can integrate AWS Key Management Service with any storage in any place in AWS. I am working with this feature in my organization. We mostly use symmetric encryption, while asymmetric is primarily used in cases of SSL. I know that AWS provides both symmetric and asymmetric options in AWS Key Management Service. However, the asymmetric option is mostly relevant for web applications that need to encrypt data in transit.
In this case, we have a public key and a private key, where the private key is used to decrypt the data, and the public key is used to encrypt it, making it another use case in our organization.
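The data-key flow the reviewer describes (master key stays in KMS, a fresh data key encrypts the data locally, the plaintext key is discarded, and the wrapped key goes back to KMS for decryption) is envelope encryption. The example below is added here to illustrate that flow; it is not the reviewer's code and not AWS code. The KMS side is simulated by a FakeKms class whose method names and return shapes mirror boto3's kms.generate_data_key and kms.decrypt, so a real boto3.client("kms") could be passed in its place; the key id "alias/example-cmk" is a placeholder, and the bulk cipher is an HMAC-SHA256 keystream with an HMAC tag that stands in for AES-GCM so the script runs offline with the standard library only. It is not the cipher AWS uses.

```python
"""Envelope encryption in the AWS KMS pattern, simulated offline.

FakeKms keeps the master key private; callers only ever receive a data key
and its wrapped (KMS-encrypted) copy. The toy authenticated cipher below is
a stand-in for AES-GCM so the example has no third-party dependencies.
"""
import hashlib
import hmac
import secrets


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy counter-mode stream: XOR data with HMAC(key, nonce || counter) blocks."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = (offset // 32).to_bytes(8, "big")
        block = hmac.new(key, nonce + counter, hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)


def _subkeys(key: bytes):
    """Derive separate encryption and MAC keys from one data key."""
    enc = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(key, b"mac", hashlib.sha256).digest()
    return enc, mac


def _seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; output layout is nonce || ciphertext || tag."""
    enc, mac = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = _keystream_xor(enc, nonce, plaintext)
    tag = hmac.new(mac, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def _open(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; rejects a wrong key or tampered data."""
    enc, mac = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or tampered data")
    return _keystream_xor(enc, nonce, ct)


class FakeKms:
    """Stand-in for boto3's KMS client (hypothetical); the master key never leaves it."""

    def __init__(self, key_id: str):
        self.key_id = key_id
        self._master_key = secrets.token_bytes(32)  # stays inside the "vault"

    def generate_data_key(self, KeyId: str, KeySpec: str = "AES_256") -> dict:
        if KeyId != self.key_id or KeySpec != "AES_256":
            raise ValueError("unknown key id or unsupported key spec")
        plaintext_key = secrets.token_bytes(32)
        return {
            "KeyId": KeyId,
            "Plaintext": plaintext_key,                              # used locally, then wiped
            "CiphertextBlob": _seal(self._master_key, plaintext_key),  # stored beside the data
        }

    def decrypt(self, CiphertextBlob: bytes, KeyId: str = None) -> dict:
        if KeyId is not None and KeyId != self.key_id:
            raise ValueError("unknown key id")
        return {"KeyId": self.key_id, "Plaintext": _open(self._master_key, CiphertextBlob)}


def encrypt_envelope(kms, key_id: str, plaintext: bytes) -> dict:
    """Encrypt locally with a fresh data key, keeping only its wrapped copy."""
    dk = kms.generate_data_key(KeyId=key_id, KeySpec="AES_256")
    data_key = bytearray(dk["Plaintext"])  # bytearray so the buffer can be zeroed
    try:
        ciphertext = _seal(data_key, plaintext)
    finally:
        for i in range(len(data_key)):
            data_key[i] = 0  # best-effort wipe of the plaintext key from memory
    return {"key_id": dk["KeyId"], "wrapped_key": dk["CiphertextBlob"], "ciphertext": ciphertext}


def decrypt_envelope(kms, envelope: dict) -> bytes:
    """Ask KMS to unwrap the data key, then decrypt the payload locally."""
    resp = kms.decrypt(CiphertextBlob=envelope["wrapped_key"], KeyId=envelope["key_id"])
    return _open(resp["Plaintext"], envelope["ciphertext"])


if __name__ == "__main__":
    kms = FakeKms("alias/example-cmk")  # placeholder key id
    env = encrypt_envelope(kms, "alias/example-cmk", b"constructed sample record")
    print("stored:", env["wrapped_key"].hex()[:32], "...", env["ciphertext"].hex()[:32], "...")
    print("recovered:", decrypt_envelope(kms, env))
```

What an auditor would want to confirm is visible in the structure: the master key is only ever referenced inside FakeKms, the plaintext data key exists only for the duration of the local encrypt call, and what gets persisted next to the data is the wrapped key, which is useless without a decrypt call that KMS can log and gate with key policies.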